Page 50 - FIGI: Security Aspects of Distributed Ledger Technologies

9  ADDITIONAL AREAS OF RISKS AND CONCERN IN DLT USE


            Table 5: Additional areas of risks and concern in DLT use


| General areas of concern | Examples | Corresponding vulnerability |
|---|---|---|
| ‘Download and Decrypt Later’ concerns | Longevity of the security data on DLs. | Transactions on a DL may be vulnerable to advances in cryptography over a period of years or decades such that ‘old’ transactions can be undetectably changed. The ability then to upgrade the cryptographic techniques used for ‘old’ transactions should be considered in DLT designs. |
| Authorized access | Nodes on a DL usually cannot distinguish between a transaction by un/authorized users with key access. | If a bad actor gains access to a comprehensive banking DLT that itself accesses all or part of a core banking network blockchain, or a real-time gross settlement system (RTGS), then this breach would in effect be compromising all banks’ databases simultaneously. |
| Vulnerabilities in nodes | Node availability | The more trusted parties per node that are needed, the more the compromisable ‘surface area’ of a distributed network increases. Nodes, however, are needed to prevent 51% attacks. |
| Transfer of data between DLTs | Interoperability attempts between DLTs raise concerns. | Interoperability required to connect these silos may introduce security and efficiency risks to the respective blockchain operations. There are a number of initiatives to enhance interoperability between DLTs to facilitate secure communication between separate and independent chains. |
| Open source software development in DLT | The underlying code in any blockchain may be a security issue. | The exploitation of a flaw in the Ethereum blockchain led to the immutability paradigm of blockchain being necessarily violated by its creators to restore (potentially) lost funds. |
| Trust of nodes | Tradeoff between replacing costly – and often risky – intermediaries with nodes. | Despite the use of strong cryptography, DLTs are not necessarily a panacea for security concerns people may have. The cost-benefit in using blockchain is somewhat ameliorated by the need to trust permissioned authors rather than relying solely on the nodes who offer the guarantee of ledger integrity. |
| User interface/user experience failures | Wallets etc. | Risk that the UI will not properly address the limited capacity of many users/consumers and that a substantial number of errors will occur. |






            10  OVERALL CONCLUSIONS

Almost all sectors in an economy are vulnerable to cyber-threats and have acted accordingly. In the current climate of increased cyber-attacks, cyber-security should be by design and by default, not an afterthought or a shortcut. Emerging and nascent sectors – especially those with startups with limited resources – have historically, however, not applied sufficient resources to these threats.

A technology gaining increasing attention from regulators because of its secure and advanced information sharing is Distributed Ledger Technologies (DLTs). In a DLT, data is recorded and stored, transactions are proposed and validated, and records are updated in a synchronized manner across the distributed network of computers.[373] The most prevalent form of DLT is the blockchain, introduced around 2008-2009. Blockchains can be public, permissioned, private or open – or combinations thereof.[374] Blockchain uses cryptographic and algorithmic methods to record transactions between computers on a network.[375] Transactions are grouped into ‘blocks.’[376] As new blocks form, they are confirmed by the network and connected to the block before it, thus creating a verified and tamper-evident chain of data blocks.[377] The most popular blockchains are those from the Bitcoin crypto-currency, as well as Ethereum. The latter allows the use of smart contracts to automate transactions across the world.
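The block chaining described above, together with the ‘Download and Decrypt Later’ concern in Table 5, as an added example that is not taken from the report: a chain sealed with a weakened hash accepts an altered old block, and the same alteration is caught once the chain has been re-sealed under a stronger hash. All names are hypothetical, and `weak8` is a constructed 8-bit toy hash standing in for an algorithm weakened by later cryptanalysis.

```python
import hashlib
import json
# "weak8" is a constructed stand-in for a hash weakened by later cryptanalysis.
HASHES = {"weak8": lambda d: hashlib.sha256(d).hexdigest()[:2],
          "sha3_256": lambda d: hashlib.sha3_256(d).hexdigest()}
GENESIS = "00"
# Constructed sample transactions, grouped into two blocks.
BATCHES = [[{"from": "A", "to": "B", "amount": 5}],
           [{"from": "B", "to": "C", "amount": 2}]]

def digest(algo, prev, body):
    """Hash a block body together with the digest of the block before it."""
    return HASHES[algo](json.dumps([prev, body], sort_keys=True).encode())

def build_chain(batches, algo):
    """Group transactions into blocks, each linked to its predecessor."""
    chain, prev = [], GENESIS
    for txs in batches:
        prev = digest(algo, prev, txs)
        chain.append({"algo": algo, "txs": txs, "digest": prev})
    return chain

def reseal(chain, algo):
    """Add a second link under a stronger hash that also covers the old digest."""
    prev = GENESIS
    for block in chain:
        prev = digest(algo, prev, [block["txs"], block["digest"]])
        block["seal"] = {"algo": algo, "digest": prev}

def first_bad_block(chain):
    """Return the index of the first block that fails verification, or -1."""
    prev = prev_seal = GENESIS
    for i, block in enumerate(chain):
        if digest(block["algo"], prev, block["txs"]) != block["digest"]:
            return i
        prev, seal = block["digest"], block.get("seal")
        if seal:
            body = [block["txs"], block["digest"]]
            if digest(seal["algo"], prev_seal, body) != seal["digest"]:
                return i
            prev_seal = seal["digest"]
    return -1

def same_digest_variant(chain, index):
    """Search for altered block contents whose weak digest is unchanged."""
    prev = chain[index - 1]["digest"] if index else GENESIS
    for n in range(100000):
        txs = [{"from": "A", "to": "X", "amount": 999, "memo": n}]
        if digest(chain[index]["algo"], prev, txs) == chain[index]["digest"]:
            return txs
```

The re-seal only helps if it is applied while the old algorithm is still trustworthy, since it vouches for whatever the ledger contains at that moment.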


